LISTING OF THE CLAIMS

1. (currently amended) A method of limiting unauthorized network requests,
comprising the steps of:

identifying entities legitimately entitled to service, wherein an entity
comprises a user ID/client pair;

establishing said identified entities as trusted entities by issuing a trust
token for each entity successfully authenticating to said network service, said
trust token comprising a data object that includes a client identifier;

processing requests from said trusted entities according to a first policy;
and

processing remaining requests according to at least a second policy.

2. cancelled

3. (original) The method of claim 2, wherein said client comprises any of: an 
instance of a client software application; and a machine running a client software 
application. 



4. (original) The method of claim 2, wherein entities legitimately entitled to
service comprise entities previously able to successfully authenticate to a
network service.

5. (original) The method of claim 4, wherein said network service comprises
a server.

6. cancelled 

7. cancelled 

8. (currently amended) Method of claim [[7]] 1, said data object including:
said user ID or a derivative thereof.

9. (original) The method of claim 8, wherein said derivative comprises a
cryptographic hash of the user ID.

10. (original) The method of claim 8, wherein said data object further includes
any of: a time stamp of first authentication to said network service by said entity;
and a time stamp of a most recent authentication to said network service by said
entity.

11. cancelled 

12. (currently amended) The method of claim [[1]]1, said client identifier
comprising any of: a client identifier assigned by said network service; and a
client identifier provided by the client.

13. (currently amended) The method of claim [[7]] 1, further comprising a step 
of encrypting said trust token. 


14. (original) The method of claim 13, further comprising the step of: 
transmitting said trust token from said network service to said client upon 
successful authentication to said network service by said entity. 

15. (original) The method of claim 14, wherein said step of transmitting said
trust token occurs via a secure channel.

16. (original) The method of claim 15, wherein said secure channel comprises
a network connection secured via the SSL (secure sockets layer) protocol.

17. (currently amended) The method of claim [[7]] 1, further comprising the
step of: storing said issued trust token on said client.

18. (original) The method of claim 17, further comprising the step of:
transmitting said stored issued trust token along with said user ID, authentication
credentials, and client identifier from said client to said network service.

19. (original) The method of claim 18, wherein said step of transmitting said 
stored, issued trust token occurs via a secured channel. 


20. (original) The method of claim 19, wherein said secured channel 
comprises a network connection secured via the SSL (secure sockets layer) 
protocol. 

21. (original) The method of claim 12, further comprising a step of storing said
issued trust token in a server side database, indexed according to a combination
of user ID and client identifier.

22. (original) The method of claim 21, further comprising the step of:
transmitting said client identifier assigned by said network service from said
network service to said client upon successful authentication to said network
service by said entity.

23. (original) The method of claim 22, wherein said step of transmitting said
client identifier assigned by said network service occurs via a secure channel.

24. (original) The method of claim 22, said secure channel comprising a
network connection secured via the SSL (secure sockets layer) protocol.

25. (original) The method of claim 21, further comprising the steps of:
transmitting said user ID and client identifier to said server; and retrieving said
stored trust token from said database.

26. (original) The method of claim 21, wherein said server side database
serves a plurality of services.

27. (currently amended) The method of claim [[2]] 1, wherein processing
requests from said trusted entities according to a first policy comprises the steps
of:

validating said trust token; and

processing request without adding incremental response latency.

28. (original) The method of claim 27, wherein said step of validating said trust
token comprises the step of:

verifying that the user ID and a client identifier in the trust token match
those presented by the client on the request.

29. (currently amended) The method of claim 28, wherein said step of
validating said trust token further comprises any of the steps of:

verifying that a time stamp of a first authentication by the entity recorded in
the trust token is no earlier than a specified configurable earliest acceptable first-
authentication time stamp; and

verifying that a time stamp of a last authentication by the entity recorded in
the trust token is no earlier than a specified configurable earliest acceptable last-
authentication time stamp.

30. (currently amended) The method of claim [[2]] 1, wherein processing
remaining requests according to at least a second policy comprises adding a
configurable specified amount of incremental response latency when processing
untrusted logins.

31. (original) The method of claim 30, wherein untrusted logins include
successful and unsuccessful logins from entities not bearing a trust token.

32. (currently amended) The method of claim 31, wherein response latency is
added to a specified configurable percentage of successful untrusted logins.

33. (currently amended) The method of claim 2, wherein processing remaining
requests according to at least a second policy comprises adding a specified
configurable amount of incremental response latency when processing requests
from untrusted IP addresses that have exceeded a configurable login rate.

34. (original) The method of claim 2, wherein processing remaining requests
according to at least a second policy comprises requiring an untrusted entity to
complete a Turing test.

35. (original) The method of claim 1, wherein said policies are applied by a 
server. 

36. (original) The method of claim 35, wherein said server applies rate policies
for a plurality of network devices.

37. (original) The method of claim 6, further comprising the step of:
updating said trust token after a login by a trusted entity.

38. (currently amended) A computer program product comprising computer 
readable code means embodied on a tangible medium, said computer readable 
code means comprising code for performing a method of limiting unauthorized 
network requests, said method comprising the steps of: 

identifying entities legitimately entitled to service, wherein an entity
comprises a user ID/client pair;


Application ser. no 10/759,596 

establishing said identified entities as trusted entities by issuing a trust
token for each entity successfully authenticating to said network service, said
trust token comprising a data object that includes a client identifier;

processing requests from said trusted entities according to a first policy;
and

processing remaining requests according to at least a second policy so
that untrusted network traffic is limited.

39. cancelled

40. (original) The method of claim 39, wherein said client comprises any of:
an instance of a client software application; and a machine running a client
software application.

41. (original) The method of claim 40, wherein entities legitimately entitled to
service comprise entities able to successfully authenticate to a network service.

42. (original) The method of claim 41, wherein said network service comprises
a server.

43. cancelled. 

44. cancelled. 

45. (currently amended) The method of claim [[44]] 38, said data object
including: said user ID or a derivative thereof.

46. (original) The method of claim 45, wherein said derivative comprises a
cryptographic hash of the user ID.

47. (original) The method of claim 45, wherein said data object further
includes any of: a time stamp of first authentication to said network service by
said entity; and a time stamp of a most recent authentication to said network
service by said entity.

48. cancelled 

49. (currently amended) The method of claim 3[[4]]8, said client identifier
comprising any of: a client identifier assigned by said network service; and a
client identifier provided by the client.

50. (original) The method of claim 45, further comprising the step of: 
encrypting said trust token. 

51. (original) The method of claim 50, further comprising a step of:
transmitting said trust token from said network service to said client upon
successful authentication to said network service by said entity.

52. (original) The method of claim 51, wherein said the step of: transmitting
said trust token occurs via a secure channel.

53. (currently amended) The method of claim 52[[;]], wherein said secure
channel comprises a network connection secured via the SSL (secure sockets
layer) protocol.

54. (original) The method of claim 49, further comprising the step of: storing 
said issued trust token on said client. 

55. (currently amended) The method of claim 54, further comprising the step
of: transmitting said stored issued trust token along with said user ID,
authentication credentials, and client identifier from said client to said network
service.

56. (original) The method of claim 55, wherein said step of transmitting said
stored, issued trust token occurs via a secured channel.

57. (original) The method of claim 56, wherein said secured channel 
comprises a network connection secured via the SSL (secure sockets layer) 
protocol. 


58. (original) The method of claim 50, further comprising the step of: storing 
said issued trust token in a server side database, indexed according to a 
combination of user ID and client identifier. 

59. (original) The method of claim 58, further comprising the step of:
transmitting said client identifier assigned by said network service from said
network service to said client upon successful authentication to said network
service by said entity.

60. (original) The method of claim 59, wherein said step of transmitting said
client identifier assigned by said network service occurs via a secure channel.

61. (original) The method of claim 59, said secure channel comprising a
network connection secured via the SSL (secure sockets layer) protocol.

62. (original) The method of claim 58, further comprising the steps of: 
transmitting said user ID and client identifier to said server; and retrieving said 
stored trust token from said database. 

63. (original) The method of claim 58, wherein said server side database
serves a plurality of services.

64. (original) The method of claim 40, wherein processing requests from said
trusted entities according to a first policy comprises the steps of: validating said
trust token; and processing without adding incremental response latency.

65. (original) The method of claim 64, wherein said step of validating said trust 
token comprises the step of: verifying that the user ID and a client identifier in the 
trust token match those presented by the client on the request. 

66. (currently amended) The method of claim 65, wherein said step of
validating said trust token further comprises any of the steps of: verifying that a
time stamp of a first authentication by the entity recorded in the trust token is no
earlier than a specified configurable earliest acceptable first-authentication time
stamp; and verifying that a time stamp of a last authentication by the entity
recorded in the trust token is no earlier than a configurable earliest acceptable
last-authentication time stamp.

67. (currently amended) The method of claim 40, wherein processing
remaining requests according to at least a second policy comprises adding a
specified configurable amount of incremental response latency when processing
untrusted logins.

68. (original) The method of claim 67, wherein untrusted logins include 
successful and unsuccessful logins. 


69. (currently amended) The method of claim 68, wherein response latency is
added to a specified configurable percentage of successful logins.

70. (currently amended) The method of claim 40, wherein processing
remaining requests according to at least a second policy comprises adding a
specified configurable amount of incremental response latency when processing
requests from IP addresses that have exceeded a configurable login rate.

71. (original) The method of claim 40, wherein processing remaining requests
according to at least a second policy comprises requiring an untrusted entity to
complete a Turing test.

72. (original) The method of claim 39, wherein said policies are applied by a 
server. 


73. (original) The method of claim 72, wherein said server applies rate policies 
for a plurality of network devices. 

74. (currently amended) The method of claim [[44]] 38, further comprising the
step of: updating said trust token after a login by a trusted entity.

75. (original) A method of establishing an entity requesting a network service 
as trusted, comprising the steps of: 

for each successful authentication, adding or updating a database record
containing at least a user identifier, an originating network address and a
date/timestamp of first and/or the current successful authentication;

comparing all subsequent authentication requests to said record; and

where the user identifier of a subsequent request matches that of a
successful authentication, extending trust to the subsequent request if its
originating network address and timestamp information satisfy predetermined
criteria in relation to said record.

76. (original) The method of claim 75, wherein said step of adding or updating 
a database record comprises either of the steps of: 

creating a new record by said network service if an entity has not
previously authenticated to said network service; and

updating a previously created record for subsequent authentication
requests from said entity.

77. (original) The method of claim 75, wherein a network address comprises
an IP (internet protocol) address.

78. (currently amended) The method of claim 75, wherein the step of 
extending trust to the subsequent request comprises: 

extending trust if the user identification and originating network address
match those of the record exactly, and wherein the data/timestamps from the
record satisfy specified configurable bounds checks.

79. (currently amended) The method of claim 75, wherein the step of 
extending trust to the subsequent request comprises: 

when the user identifier of the subsequent request matches that of a
record, determining a trusted address range, defined by client addresses from
which successful authentications have originated, for the user identifier from
stored authentication records.

80. (currently amended) The method of claim 79, wherein the step of
extending trust to the subsequent request further comprises:

determining if the originating address of the subsequent request falls
within the trusted address range, and

determining if the data/timestamps for the trusted address range satisfy
specified configurable bounds checks.

81. (currently amended) The method of claim 79, wherein the step of
determining if the data/timestamps for the trusted address range satisfy specified
configurable bounds checks comprises the steps of:

establishing earliest date/timestamp for the trusted [[IP]] address range as
a minimum for the earliest authentication timestamp; and

establishing earliest date/timestamp for the trusted [[IP]] address range as
a maximum for the earliest authentication timestamp.

82. (currently amended) The method of claim 79, wherein the step of
extending trust to the subsequent request further comprises:

if the timestamps pass configurable specified bounds checks, extending
trust to the request.

83. (original) The method of claim 75, wherein the entity comprises a user
requesting the network service from an anonymous client.

84. (original) The method of claim 83, wherein the network service comprises 
a server. 

85. (original) The method of claim 84, wherein the client and the server are in
communication via a secured network channel.

86. (original) The method of claim 85, said secure channel comprising a
network connection secured via the SSL (secure sockets layer) protocol.

87. (original) The method of claim 75, further comprising the steps of: 
processing requests from trusted entities according to a first policy; and 
processing remaining requests according to at least a second policy. 

88. (original) The method of claim 87, wherein processing remaining requests
according to at least a second policy comprises adding a configurable amount of
incremental response latency when processing untrusted logins.

89. (original) The method of claim 88, wherein untrusted logins include
successful and unsuccessful logins from untrusted entities.

90. (currently amended) The method of claim 89, wherein response latency is
added to a specified configurable percentage of successful untrusted logins.

91. (original) The method of claim 87, wherein processing remaining requests
according to at least a second policy comprises adding a configurable amount of
incremental response latency when processing requests from IP addresses that
have exceeded a configurable login rate.

92. (original) The method of claim 87, wherein processing remaining requests
according to at least a second policy comprises requiring an untrusted entity to
complete a Turing test.

93. (original) The method of claim 87, wherein said policies are applied by a 
server. 

94. (original) The method of claim 91, wherein said server applies rate policies
for a plurality of network devices.
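
The token flow recited in claims 1, 8 to 10 and 27 to 32, as an added illustration that is not part of the application or its claims: a token bound to a hashed user ID and a client identifier is issued on successful authentication, validated against the presented pair and configurable time-stamp bounds, and untrusted logins receive added latency. Field names, constants and the key are assumptions; the claims recite encrypting the token, whereas this sketch protects it with an HMAC instead.

```python
import base64
import hashlib
import hmac
import json
import secrets

# All constants below are constructed demo values, not values from the claims.
SERVER_KEY = b"demo-only-server-secret"
EARLIEST_FIRST_AUTH = 1_600_000_000  # configurable bound on first-auth time stamp
EARLIEST_LAST_AUTH = 1_700_000_000   # configurable bound on last-auth time stamp
UNTRUSTED_DELAY_S = 2.0              # incremental latency for untrusted logins
SUCCESS_DELAY_PERCENT = 50           # share of successful untrusted logins delayed

def _uid_hash(user_id):
    # Claim 9: the token may carry a cryptographic hash instead of the user ID.
    return hashlib.sha256(user_id.encode()).hexdigest()

def _mac(raw):
    return hmac.new(SERVER_KEY, raw, hashlib.sha256).digest()

def issue_token(user_id, client_id, now, first_auth=None):
    """Issue (or refresh) a trust token after a successful authentication."""
    body = {"uid": _uid_hash(user_id), "cid": client_id,
            "first": first_auth or now, "last": now}
    raw = json.dumps(body, sort_keys=True).encode()
    return base64.urlsafe_b64encode(_mac(raw) + raw).decode()

def validate_token(token, user_id, client_id):
    """True only if the token is authentic, bound to this pair, and fresh."""
    if not token:
        return False
    try:
        blob = base64.urlsafe_b64decode(token.encode())
        tag, raw = blob[:32], blob[32:]
        if not hmac.compare_digest(tag, _mac(raw)):
            return False
        body = json.loads(raw)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return (hmac.compare_digest(body["uid"], _uid_hash(user_id))
            and body["cid"] == client_id
            and body["first"] >= EARLIEST_FIRST_AUTH
            and body["last"] >= EARLIEST_LAST_AUTH)

def response_delay(user_id, client_id, token, login_ok, roll=None):
    """Seconds of added latency for one login request (roll is 0..99)."""
    if validate_token(token, user_id, client_id):
        return 0.0                      # first policy: trusted entity
    if roll is None:
        roll = secrets.randbelow(100)
    if login_ok and roll >= SUCCESS_DELAY_PERCENT:
        return 0.0                      # successful untrusted login, not sampled
    return UNTRUSTED_DELAY_S            # second policy: add latency
```

Passing the prior `first` value as `first_auth` when re-issuing keeps the first-authentication time stamp stable across token updates.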